-3

I got a users table in my db where the passwords are encrypted with the PASSWORD function.The thing is i want to create a login system i cant figure out how.I know i can use something like this

SELECT `username`,`password`
FROM `users`
WHERE `username` = $user 
AND `password` = PASSWORD($password)

but i want to use prepared statements so my code looks like this

$sql = "SELECT * FROM users WHERE username=? AND 
password=?";
//.....
$stmt = $mysqli->prepare($sql);
$stmt->bind_param("ss", $u,$p);

Any ideas?

Alator
  • 497
  • 6
  • 23
  • if you really want to use the `mysql's PASSWORD` then try executing this query `select PASSWORD('hello')`; – P Pang Nov 06 '17 at 12:30
  • Please use ***PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html)*** to handle password security. If you're using a PHP version less than 5.5 you can use the `password_hash()` [compatibility pack](https://github.com/ircmaxell/password_compat). ***It is not necessary to [escape passwords](http://stackoverflow.com/q/36628418/1011527)*** or use any other cleansing mechanism on them before hashing. Doing so *changes* the password and causes unnecessary additional coding. – Jay Blanchard Nov 06 '17 at 13:13

1 Answers1

1

You can use the PASSWORD function inside your SQL query Like this:

$sql = "SELECT * FROM users WHERE username=? AND 
password=PASSWORD(?)";
//.....
$stmt = $mysqli->prepare($sql);
$stmt->bind_param("ss", $u,$p);
YouneL
  • 8,152
  • 2
  • 28
  • 50